[Nix-dev] Failed to add route because network is unreachable

Bas van Dijk v.dijk.bas at gmail.com
Mon Apr 27 16:31:16 CEST 2015 

I just discovered that I can successfully manually add the route if I
Ieave of the "via <gateway>" option:

# ip route add  10.180.0.0/24 src 172.16.48.17 dev eth0

After this I can successfully ping hosts on the other side of the VPN!

I'll just settle with adding this to my local networking commands:

    networking.localCommands = ''
       ip route add 10.180.0.0/24 src 172.16.48.17 dev eth0 || true
    '';

I do wonder though, why adding that route with a "via <gateway>"
option gives the aforementioned error.

Cheers,

Bas

On 27 April 2015 at 15:58, Bas van Dijk <v.dijk.bas at gmail.com> wrote:
> Dear Nixers,
>
> I've a slightly off-topic question but since I know there are some
> excellent Unix networking experts on this list I hope to get a pointer
> in the right direction.
>
> After some changes in my networking setup (I added an IP address to my
> eth0 interface) my strongswan VPN service fails to add a route to my
> routing table (it used to work before):
>
> installing route: 10.180.0.0/24 via 136.243.17.1 src 172.16.48.17 dev eth0
> received netlink error: Network is unreachable (101)
>
> If I manually try to add the route I get the same error message:
>
> # ip route add  10.180.0.0/24 via 136.243.17.1 src 172.16.48.17 dev eth0
> RTNETLINK answers: Network is unreachable
>
> I've asked[1] the same question on the strongswan mailing list but
> haven't found a solution yet.
>
> My network settings are fairly simple (note I'm deploying my machine
> using nixops to Hetzner):
>
>   deployment = {
>     targetEnv = "hetzner";
>     hetzner = {
>       mainIPv4  = "136.243.17.41";
>       ...
>     };
>   };
>
>   networking = {
>     enableIPv6 = false;
>     useDHCP = false;
>
>     interfaces.eth0.ip4 = [
>       { address = "136.243.25.125"; prefixLength = 32; }
>       { address = "136.243.25.108"; prefixLength = 32; }
>       { address = "172.16.48.17";   prefixLength = 28; }
>     ];
>
>     firewall = {
>       enable    = true;
>       allowPing = true;
>       allowedTCPPorts = [ ... ];
>     }
>   };
>
> Any idea why I can't add that route?
>
> Regards,
>
> Bas
>
> [1] https://lists.strongswan.org/pipermail/users/2015-April/007935.html

More information about the nix-dev mailing list